HttpWebRequestError: The server committed a protocol violation. Section=ResponseHeader Detail=CR must be followed by LF

Question

I have created a sample asp.net application and try to scrape data from my server using httpwebrequest. But some times I got this above error. I have done some searches on google but all are saying that you should add the property "<httpWebRequest useUnsafeHeaderParsing="true" />" in web.config.

This property have 'UNSAFE" word, so I am too worried about this. I can't add this is in my site configuration. Is there any other option to read the response of my scrape URL. Please let me know how can it be possible without "<httpWebRequest useUnsafeHeaderParsing="true" />"

Thanks in advance, Laxmilal Menaria

I've seen a different case with the same error - [Imperva's Incapsula](https://www.incapsula.com/cdn-content-delivery-network/caching.html) caching mechanism tried to cache a specific response. so, instead of redirecting to the real server, *Incapsula* replied with the same response, but somehow, the headers were a little different and was not complying with Windows CR-LF (\r\n). — itsho, Jul 09 '17 at 10:20

score 26 · Answer 1 · answered Sep 29 '09 at 18:10

This is certainly a server problem-- the server is not following the HTTP specification and the .NET client is flagging this as a potential problem. "Unsafe" is I think somewhat of a misnomer. There's not really a big security issue here, only non-compliance with the RFC which is bad but unfortunately not rare.

So, as you found in Google, the way to get around the problem is to apply the following configuration change:

<configuration> 
 <system.net> 
  <settings> 
   <httpWebRequest useUnsafeHeaderParsing="true" /> 
  </settings> 
 </system.net> 
</configuration>

If you're wondering where to add this, look in the solution explorer for `App.config`. — Krzysztof Bociurko, Jun 16 '15 at 11:22

score 2 · Answer 2 · answered Oct 20 '10 at 12:51

One way to debug this (and to make sure it is the protocol violation that is causing the problem), is to use Fiddler (Http Web Proxy) and see if the same error occurs. If it doesn't (i.e. Fiddler handled the issue for you) then you should be able to fix it using the UseUnsafeHeaderParsing flag.

If you are looking for a way to set this value programatically see the examples here: http://o2platform.wordpress.com/2010/10/20/dealing-with-the-server-committed-a-protocol-violation-sectionresponsestatusline/

score 2 · Answer 3 · answered Aug 30 '11 at 20:00

2

Another possibility: when doing a POST, the server responds with a 100 continue in an incorrect way.

This solved the problem for me:

request.ServicePoint.Expect100Continue = false;

answered Aug 30 '11 at 20:00

marq

808
10
13

score 0 · Answer 4 · answered Feb 21 '20 at 15:32

0

You may want to check the content of your headers. Try adding the following, as suggested by this link:

Accept: text/html, application/xhtml+xml, */*

answered Feb 21 '20 at 15:32

Todd Myhre

1,310
1
10
15

HttpWebRequestError: The server committed a protocol violation. Section=ResponseHeader Detail=CR must be followed by LF

4 Answers4

Linked